Super scams: ASIC's warning to trustees

Vanessa Pallone, Matt Spain and Ross McInnes
31 Jan 2025

After commencing its first scam-related enforcement proceeding late last year, ASIC has now turned its attention to the superannuation industry and put trustees on notice of its expectations of their role in preventing scams and fraud practices.

In a letter on Wednesday to superannuation trustees, ASIC requested that they:

  • conduct a preliminary assessment of their anti-scam and anti-friction measures (including those provided by external administrators);
  • read ASIC's earlier reports of scam prevention and anti-scam practices for banks;
  • consider whether it is appropriate to allocate the scam (and fraud) management key function to one of the trustee's accountable persons as they prepare for the Financial Accountability Regime; and
  • leverage industry bodies and bilateral relationships to share information and promote improvements across the industry.

Key takeaways for superannuation trustees to improve their scam resilience

ASIC has included specific superannuation enforcement priorities in its key issues outlook for 2025, and has previously focused on complaints and claims handling in the superannuation industry. Given this, it would be prudent for trustees to consider these interconnected governance issues both individually and holistically, particularly given ASIC's comments that its review found that none of the trustees surveyed had any organisation-wide scams strategy in place.

An immediate example is to ensure that complaints-handling and scam prevention, detection and response activities work together to assist each other.

Another point to consider is whether the agreements that trustees have with outsourced service providers such as administrators are fit for the evolving and dynamic scams landscape and whether the mechanisms for review of an administrator's systems and procedures for the prevention, detection and response to scams are sufficient given the duties imposed on trustees. For example, does the trustee have the right to undertake testing of the administrator's systems and processes for scam prevention and detection? What data about scam-related activities must the administrator provide to the trustee?

Given the impending introduction of the requirements under CPS 230, and the impact it has on outsourced arrangements, trustees should start considering these (and other) matters when negotiating terms with outsourced service providers such as administrators.

Why ASIC is focusing on scams in the superannuation sector

In its letter to trustees, ASIC noted that:

  • an increasing number of fund members are reaching the preservation age. With fewer frictions in accessing their funds, combined with typically higher account balances, these members can be attractive scam targets;
  • a recent review undertaken by ASIC of trustees' practices in preventing, detecting and responding to scams identified that trustees were overly reliant on anti-fraud (i.e. unauthorised transactions) measures and had limited focus on the specific risks and harms associated with scams. An example is given of trustees focusing on confirming that the person requesting the transfer was a member, rather than looking for flags to indicate that the member may have been tricked;
  • trustees did not have sufficient oversight of their external administrators' anti-scam and anti-fraud practices and lacked key details about them; and
  • trustees in ASIC's review lacked many of the foundational anti-scam practices that ASIC identified in its previous reports on banks, such as:
    • a scams strategy;
    • dedicated reporting on scams; and
    • reviewing their scam prevention, detection and response capabilities.

While some trustees reported that they had not seen many, if any, scams impacting their members and this was a reason for their limited focus on scams, this may be driven by the high proportion of Australians in the accumulation phase, or shortcomings in trustees' processes for detecting scams and the lack of focus on scams as a subcategory of fraud.
